CIS 4204 Ethical Hacking Fall, 2014

Transcription

1 CIS 4204 Ethical Hacking Fall, 2014 Course Abstract: The purpose of this course is to provide a basic understanding of computing, networking, programming concepts, and exploitation techniques, as they relate to computer security. In security testing, an ethical hacker with legal permission attempts to penetrate a system or systems to find a weak link and then analyze ways to correct the security flaws. Ethical hacking relies on a combination of creativeness, expansion of knowledge based on best practices, legal issues, and client industry regulations as well as known threats and the breath of the target organization s security presence or point of risk. Outcomes of this course: General computer organization and architecture Ethical Hacking methodology Generalized exploit techniques Basic network concepts Networking vulnerabilities and countermeasures Class Format: Undergraduate course meeting online via Canvas. This class will be taught completely online. There will be a number of hands-on exercises using the tools of the trade and other freeware/shareware tools that may be acquired online. Professor: Contact Info/Office Hours: Shane Hartman me anytime at: shartman@sar.usf.edu.

2 Required reading: Hacking Exposed: Network Security Secrets and Solutions, 7 By: Stuart McClure, Joel Scambray, and George Kurtz ISBN: I will also refer to other books that are not required but useful for bolstering your overall knowledge of ethical hacking: I will make mention of them during class. Class Participation: Here is my official stance on the subject, as I have indicated to Student Advising: This course is to be taken asynchronously. Part of the student s grade is based on class participation, evaluations, and ability to do the work. Ethical hacking is a hands-on discipline. While there is a fair amount of information to be covered e.g., legal aspects, file systems, and network components most people learn this subject matter by being involved and engaged in activities. For this reason, this class will employ a number of hands-on exercises. Ways to get class participation credit: 1) Be online and participate 2) Provide articles and feedback on the class discussion board. Grading format: Class Participation 20% Hands-on exercises 20% Test 1 10% Midterm Exam 20% Test 2 10% Final Exam 20% Total 100% Please note these very important class rules: 1. Academic honesty is mandatory. Cheating on tests (which means giving help or receiving help from another student, or providing unattributed/plagiarized answers) is grounds for expulsion from the class and receiving a double F, which will brand your academic career in infamy forever. If you turn in work that references someone else s work and do not properly attribute it, this is plagiarism. It is also grounds for receiving a double F in the course. This includes downloading source code from the Internet. For example, if you borrow some script code to use in your project, and it is copyrighted, you may not remove the header information and insert your own as if it were original code. This is unethical and grounds for dismissal from the class. 2. Assignments are due by the beginning of class on the due date assigned. I will not accept any late assignments unless you have specifically made arrangements with me beforehand. For example, ing me at the end of the semester to request turning in all of your missed homework because you had some illness will not work.

3 3. Religious Observances: The University recognizes the right of students and faculty to observe major religious holidays. Students who anticipate the necessity of being absent from class for a major religious observance must provide notice of the date(s) to the instructor, in writing, by the second week of classes. 4. Disabilities Accommodation: Students are responsible for registering with the Office of Students with Disabilities Services (SDS) in order to receive academic accommodations. Reasonable notice must be given to the SDS office (typically 5 working days) for accommodations to be arranged. It is the responsibility of the student to provide the instructor with a copy of the official Memo of Accommodation. Contact Information: Pat Lakey, Coordinator, , plakey@sar.usf.edu, 5. Academic Disruption: The University does not tolerate behavior that disrupts the learning process. The policy for addressing academic disruption is included with Academic Dishonesty in the catalog: Occurrences of academic disruption will be addressed be the professor (depending on the situation, the student may be asked to leave or security may be called). Following the incident, the professor will establish with the student terms for continued course participation, and the professor will also submit a report to the dean. The consequences to the student can range from an administrative reprimand to suspension from USF. Most students are highly motivated to learn and do not need to be informed of these things, but the 5% or so that want to get a free grade without doing any work need to be made aware of these rules. If you do not think you can abide by these (in my opinion, completely reasonable) rules, please do not take this course! Canvas (MyUSF): All of our tests and assignments will be submitted via Canvas. Students needing instruction in using Canvas can use the following resources: Online tutorial: Technical toll-free Helpline: Live online help: Emergency Preparedness: It is strongly recommended that you become familiar with the USF Sarasota-Manatee Emergency Action Plan and of the Safety Preparedness site (800) Hotline: The USF hotline at 1 (800) is updated with pre-recorded information during an emergency. The hotline can also be operated by staff during an emergency if the situation necessitates that additional information, direction or resources need to be communicated and the personnel can be put in place in advance, such as in the event of a hurricane or ongoing emergency Fire Alarm Instructions: At the beginning of each semester please note the emergency exit maps posted in each classroom. These signs are marked with the primary evacuation route (red) and secondary evacuation route (orange) in case the building needs to be evacuated. Emergency Evacuation Procedures: Contingency Plans: In the event of continued natural disruption (e.g., significant hurricane damage to the area or a pandemic affecting the area), all instruction will be completely

4 carried out online on Canvas (as it is anyway for this course). There will be extended deadlines as appropriate for assignments. AcademicContinuity.pdf Drops: The last day to withdraw from class and receive no academic penalty is October 29 th. We will have had our first test by then so that you can gauge your progress. Important dates: September 2 th Labor Day November 11 th Veteran s Day November 28 th & 29 th - Thanksgiving December 2 nd Week for Classes December 9 rd 13 th Final Exams

5 Course Schedule (tentative, subject to change): Week 1 Introduction to Ethical Hacking Class Intro Hacking History Ethical Hacking Threats Week 2 TCP/IP Primer TCP IP UDP Packets 3 Way Handshake Week 3 Footprinting Gathering Information Whois Tracert and TTL Week 4 Scanning Test 1 Ping Sweeps Scanning Tools Port Scanning Week 5 Enumeration NetBIOS Active Directory SNMP Enumeration DNS Zone Transfer Week 6 Hacking Windows Privilege Escalation Cracking Passwords Data Execution Prevention Week 7 Hacking Unix Quest for Root Vulnerability Mapping Services Week 8 Network Devices and Hardware Mid-Term Discovery Fingerprinting Week 9 Hacking Code Buffer Overflows Input Validation Vulnerabilities Exploits

6 Week 10 Wireless Hacking Wireless Type Service Set Identifier (SSID) Wired Equivalent Protocol (WEP) Wireless Application Protocol (WAP) Week 11 Web Server Hacking and Web Application Vulnerabilities IIS Attacks Apache Attacks Spidering Week 12 SQL Injection Vulnerabilities Test 2 SQL Injection Testing and Attacks Types of Attacks SQL Injection Prevention and Remediation Week 13 Firewalls, Intrusion Detection Systems, and Honeypots Firewall Types and Configurations Intrusion Detection Systems (IDS) Honeypot Applications Week 14 Social Engineering Social Engineering Human-Based Social Engineering Computer-Based Social Engineering Identity Theft Week 15 Viruses, Worms, and Trojans Final Paper Due Viruses Spyware Spambots Worms Week 16 Final Exams